
How to secure your intra-network from external attacks when connected to Internet - Web based configuration of PfSense

Now open your web browser and go to the IP address of the LAN port of PfSense. In our example it is http://192.168.2.1

 

Enable Secure Shell (SSH) so that the firewall can also be configured by logging in to the machine remotely from a Linux shell.

We need to install packages on to the base system to get the desired functionality.

The list of available packages is long. We will install the Squid and Squidguard packages.

Squid is a proxy server. Select Squid in the available list and click the add package icon on the right.

 

The package installation would require Internet. The required package file would be downloaded by PfSense.

Once the files are downloaded, the system would install the package.

Similarly Squidguard has to be installed. Squidguard would give us the capability to filter traffic based on its URL.

Go to General parameters and set the Primary DNS Server to 4.2.2.2

 

There is an option to configure the LAN and WAN interfaces, if required, using the Web Configuration.

Select Services and then Proxy Server to configure the Squid proxy. Select the proxy interface as LAN. Click on allow users on the interface.

Enter the log directory as /var/squid/logs. This is required by the report generation package which we will install later. Select a proxy port. This port and the LAN IP of the PfSense have to be entered into all the machines to route their traffic to PfSense.

To configure Squidguard go to Services and select Squidguard. By default it is disabled. Click enable to start the Squidguard service.

Select Blacklist. This would be required for enabling URL filtering.

To check whether the Squid and Squidguard services have started, go to Status and then to Services.

You would notice that the Squidguard service has not started. To start Squidguard a system reboot would be required. Reboot the machine using the Diagnostics.

Go to Status and then to Services. Check the status and verify all the services are running.

Click play to start Squid and then Squidguard.

For URL filtering we need to supply a blacklist to PfSense. This list contains various groups which we can block as per our requirement.

We would be using a free Blacklist from http://www.shallalist.de/Downloads/shallalist.tar.gz

Download and install it. This takes considerable time, so be patient.

 

 

 

Now to achieve the desired URL filtering go to Common ACL in Squidguard.

Expand the Target Rules List. By default it is deny all. Change it to Allow all. We intend to block only traffic to certain groups, such as porn sites, while allowing all other traffic. If we did it the other way around, i.e. denying all by default and allowing only traffic to specific groups, we would end up spending a lot of time only configuring rules.

Here I have shown deny porn and allow all configuration. Similarly all groups which you want blocked can be selected as deny.

Notice the Target rules as !blk_BL_porn all. This means that as traffic arrives, the firewall checks whether the URL matches one of those listed for porn sites. If yes, it is blocked. If no, it is allowed.

Select do not allow IP address in URL. If this is not checked, a user can open a site by supplying its IP address in the URL. So even if you have blocked porn sites, a user who enters http://206.161.206.131 can still access www.sexocean.com, thereby defeating the URL filtering.

To keep an account of usage in terms of data downloaded, sites accessed etc., we need to identify a particular user. This is only possible if the user supplies some credentials to access the proxy server. Go to Auth Settings and select the local authentication method.
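The effect of that checkbox on the target rule can be seen in a small model of the evaluation, added here as an example (it is not PfSense or Squidguard code). It assumes the rule is read left to right with the first matching target deciding, and that the checkbox adds squidGuard's in-addr target; the category contents, domain names and IP address are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for the blacklist's porn category domain list.
CATEGORIES = {"blk_BL_porn": {"blocked.example"}}


def host_is_ip(host):
    """True when the URL host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def in_category(host, domains):
    # A domain list entry covers the domain itself and all of its subdomains.
    return any(host == d or host.endswith("." + d) for d in domains)


def evaluate(url, pass_rule):
    """Return 'allow' or 'deny' for url under a rule such as '!blk_BL_porn all'."""
    host = (urlsplit(url).hostname or "").lower()
    for token in pass_rule.split():
        negate = token.startswith("!")
        name = token.lstrip("!")
        if name == "none":          # the 'deny all' default
            return "deny"
        if name == "all":
            matched = True
        elif name == "in-addr":     # host given as an IP address
            matched = host_is_ip(host)
        else:
            matched = in_category(host, CATEGORIES.get(name, set()))
        if matched:                 # first matching target decides
            return "deny" if negate else "allow"
    return "deny"


if __name__ == "__main__":
    for rule in ("!blk_BL_porn all", "!in-addr !blk_BL_porn all"):
        for url in ("http://www.blocked.example/", "http://203.0.113.10/",
                    "http://news.example/"):
            print(f"{rule:28} {url:30} {evaluate(url, rule)}")
```

With only !blk_BL_porn all, the request by IP address falls through to all and is allowed because no domain list entry matches it; with the in-addr target in front it is denied before the category lookup.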

 

For the local authentication method, we need to create users.

Now, to generate reports of the network usage, we will install a package called Lightsquid.

To check the report go to Status and then to Proxy reports.

Configure the settings. Select the language and reporting scheme as English and Demo respectively.

Lightsquid needs to capture some data before it can generate a report; otherwise it gives an error as shown below.

The changes required on the user PC are shown using the Mozilla Firefox web browser. Similar settings are required in Chrome or Internet Explorer.
